Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus

Over the last few days, a mass SQL injection attack has been quickly gathering speed. Just three days ago only 28,000 URLs were affected, but at the time of writing, there could be up to 3.8 million infected URLs.

Websense has a complete write-up of the attack, dubbed 'LizaMoon', but here's the basic gist: it looks like someone is exploiting a vulnerability (or vulnerabilities) in hundreds of thousands of websites running on Microsoft SQL Server 2003 and 2005. It's not yet known whether this is a vulnerability in SQL Server itself, or simply a case of outdated, unmaintained, and easily exploitable CMSes.

The attack takes the form of an SQL injection, which inserts a link to a JavaScript file hosted on the attacker's server. This is repeated over and over until every Web page in the SQL database has been infected -- and considering 3.8 million URLs have been hit, it is clearly an easy, automated attack.

Fortunately, the JavaScript isn't particularly malicious: it pops up a rogue AV program called Windows Stability Center, but that's it. Better yet, the rogue antivirus is already recognized by a bunch of real antivirus suites, including Avast, Panda and Microsoft Security Essentials.

The real problem with SQL injection attacks is that there's nothing we surfers can do about them. There will always be old and unmaintained websites, and thus SQL injections will remain one of the easiest and most lucrative tools of hackers and spammers alike. All you can do is keep your antivirus and anti-malware software up to date, and pray.
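Visitors can't fix an injected site, but the site's operators can. The following is an added example (not from the Download Squad article or the Websense write-up) showing the two things that matter on the server side: the vulnerable string-built query beside its parameterized form, and a scan that finds and strips the appended `<script src=...>` tags that a mass injection of this kind leaves in stored page content. The table, the rows and the `injected-host.example` URL are constructed for the demo and are not indicators from the article.

```python
import re
import sqlite3

# Constructed sample data: a tiny CMS "pages" table. The "about" row carries an
# appended external script tag of the kind a mass SQL injection leaves behind.
# The host name is a placeholder, not a real indicator from the article.
SAMPLE_ROWS = [
    ("home", "Welcome to our site."),
    ("about", 'About us.</title><script src="http://injected-host.example/ur.php"></script>'),
    ("contact", "Email us at info@example.com."),
]

# Matches an external script reference and captures its URL.
SCRIPT_SRC = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.IGNORECASE
)
# Matches a whole <script ...>...</script> element for removal.
FULL_SCRIPT = re.compile(r'<script\b[^>]*>.*?</script\s*>', re.IGNORECASE | re.DOTALL)


def build_db():
    """Create an in-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (slug TEXT PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_page_vulnerable(conn, slug):
    """Bad: the user-controlled slug is pasted straight into the SQL text,
    so quote characters in it change the meaning of the statement."""
    return conn.execute(f"SELECT body FROM pages WHERE slug = '{slug}'").fetchone()


def find_page_safe(conn, slug):
    """Good: the slug travels as a bound parameter and can never become SQL."""
    return conn.execute("SELECT body FROM pages WHERE slug = ?", (slug,)).fetchone()


def scan_for_injected_scripts(conn):
    """Return (slug, url) pairs for every external script reference stored in
    page bodies. Editorial content should not normally carry such tags, so
    each hit is worth a look."""
    hits = []
    for slug, body in conn.execute("SELECT slug, body FROM pages"):
        for match in SCRIPT_SRC.finditer(body):
            hits.append((slug, match.group(1)))
    return hits


def strip_injected_scripts(conn):
    """Remove every <script> element from stored bodies using parameterized
    UPDATEs. Returns the number of rows that were cleaned."""
    cleaned = 0
    rows = conn.execute("SELECT slug, body FROM pages").fetchall()
    for slug, body in rows:
        new_body, count = FULL_SCRIPT.subn("", body)
        if count:
            conn.execute("UPDATE pages SET body = ? WHERE slug = ?", (new_body, slug))
            cleaned += 1
    conn.commit()
    return cleaned


if __name__ == "__main__":
    db = build_db()
    # A quote in the input turns the string-built query into a tautology.
    probe = "x' OR '1'='1"
    print("vulnerable lookup returned:", find_page_vulnerable(db, probe))
    print("parameterized lookup returned:", find_page_safe(db, probe))
    print("injected scripts found:", scan_for_injected_scripts(db))
    print("rows cleaned:", strip_injected_scripts(db))
    print("after cleanup:", scan_for_injected_scripts(db))
```

The scan is deliberately simple: it flags any external script reference in a text column, so on a real CMS you would allow-list the script hosts the site legitimately uses and treat everything else as a finding. The parameterized lookup returns no row for the quote-bearing input because the whole string is compared as a literal slug value.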

Gargantuan SQL injection infects 3.8 million URLs, installs rogue antivirus originally appeared on Download Squad on Fri, 01 Apr 2011 05:30:00 EST. Please see our terms for use of feeds.


Source: http://downloadsquad.switched.com/2011/04/01/massive-sql-injection-infects-3-8-million-urls-installs-rogue-a/


Toyota pulls Cydia theme and ads to appease Apple

Apple asks Toyota to remove jailbreak Cydia theme
In news that will no doubt shake the very bedrock of your belief system, Apple has asked Toyota to remove its Scion theme and its advertising from ModMyi, a Cydia repository. The Scion theme has been available for weeks, but after it received a ton of press in the last couple of days, Apple finally lashed out.

It's not like we should be surprised, considering Apple has claimed in the past that jailbreaking is illegal -- but at the same time, did the Cupertino cronies hear about the ruling that made circumventing DRM, and thus jailbreaking, legal? Anyway, whether Toyota was supporting illegal, legal, or deliciously gray and ambiguous activity, it doesn't matter: Apple asked Toyota to remove the theme, and Toyota graciously bent over and capitulated.

This story raises a much more interesting topic, though: this is the first time a multinational company has publicly acknowledged and embraced the jailbreak community. Considering jailbreaking is technically legal, and Cydia's creator, Jay Freeman, estimates that up to 9% of OS devices are jailbroken, it simply makes good commercial sense to target jailbreakers with ads. Toyota was simply trying to make some money, for shame!

As long as Apple continues to throw around its increasingly-expansive mass, the legality of jailbreaking will continue to be inconsequential. It will be interesting to see if another big company dares embrace the jailbreak community after this, too.

Toyota pulls Cydia theme and ads to appease Apple originally appeared on Download Squad on Wed, 06 Apr 2011 05:25:00 EST. Please see our terms for use of feeds.


Source: http://downloadsquad.switched.com/2011/04/06/toyota-pulls-ios-jailbreak-theme-and-ads-to-appease-apple/


National Geographic's Great Map App Lets You Take the World For a Spin

The National Geographic Society may be best known for its iconic yellow National Geographic magazine, which very often includes, folded up inside, some awesome maps from all around the world. As a youngster, I remember poring over National Geographic maps on the living room floor, hanging a map of North America on my bedroom wall, and using them as study aids in school.

Source: http://www.technewsworld.com/rsstory/73111.html



Evernote Web gets a new interface, Facebook sharing, and more

Evernote, the popular multi-platform 'digital memory' app, has done some serious re-tooling of its Web interface. In addition to a more polished UI that more closely mirrors the look of Evernote on the desktop, the update brings features like notebook stacks and snippet view to the Web.

Auto-saving is now enabled as well, and you can select multiple items by holding down the Cmd or Ctrl key on your Mac or Windows keyboard. If you've got items stored in your notebooks that you want to share with friends or co-workers, Evernote has improved that process, too. You can quickly post an item to Facebook, share it via email, or generate a Web sharing link to paste into an IM conversation or status update.

Head over to the Evernote Web login page to try out the new interface.

Evernote Web gets a new interface, Facebook sharing, and more originally appeared on Download Squad on Tue, 29 Mar 2011 10:50:00 EST. Please see our terms for use of feeds.


Source: http://downloadsquad.switched.com/2011/03/29/evernote-web-gets-a-new-interface-facebook-sharing-and-more/


Security firm RSA attacked using Excel-Flash one-two sucker punch

It has emerged that the underlying cause of RSA's SecurID gaffe was the recently-reported zero-day vulnerability found in Adobe's Flash Player.

The exploit, which used specially crafted Flash content embedded in Excel spreadsheets, was first reported on March 15 and has since been fixed. RSA was hacked sometime in the first half of March when an employee was successfully spear-phished and opened an infected spreadsheet. As soon as the spreadsheet was opened, an advanced persistent threat (APT) -- a backdoor Trojan -- called Poison Ivy was installed. From there, the attackers basically had free rein of RSA's internal network, which led to the eventual dissemination of data pertaining to RSA's two-factor authenticators.

The attack is reminiscent of the APTs used in the China vs. Google attacks from last year -- and indeed, Uri Rivner, the head of new technologies at RSA, is quick to point out that other big companies are being attacked, too: "The number of enterprises hit by APTs grows by the month; and the range of APT targets includes just about every industry. Unofficial tallies number dozens of mega corporations attacked [...] These companies deploy any imaginable combination of state-of-the-art perimeter and end-point security controls, and use all imaginable combinations of security operations and security controls. Yet still the determined attackers find their way in."

What we'd like to know, though, is whether the attack on RSA was caused by Adobe's lackadaisical approach to patching Flash -- or was it the other way around? Was it the RSA attack that first brought the zero-day vulnerability to Adobe's attention?

Security firm RSA attacked using Excel-Flash one-two sucker punch originally appeared on Download Squad on Wed, 06 Apr 2011 06:55:00 EST. Please see our terms for use of feeds.


Source: http://downloadsquad.switched.com/2011/04/06/security-firm-rsa-attacked-using-excel-flash-one-two-sucker-punc/


BlackBerry Bold 9930, Torch 9850 go on sale at Sprint for $200, $150

As expected, the BlackBerry Torch 9850 and BlackBerry Bold 9930 went on sale at Sprint yesterday as part of its BlackBerry 7 lineup. Both phones feature 1.2GHz Snapdragon processors and five-megapixel cameras, but the 9850 has a 3.7-inch touch-only display compared to the Bold's 2.8-inch screen and keyboard combination. Purchased online with contracts and after rebates, the 9850 is selling for $150 while the 9930 is going for a cool $200 -- a departure from the originally announced Bold price tag of $249, with no mention of cash back. For Sprint users, a rebate is clearly better than no rebate -- even if it does require a stamp.

BlackBerry Bold 9930, Torch 9850 go on sale at Sprint for $200, $150 originally appeared on Engadget on Mon, 22 Aug 2011 14:02:00 EDT. Please see our terms for use of feeds.

Source: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/-yGFvpooz2s/


DIY CRT is fun, slightly dangerous, won't lead to a home-made TV

Looking for a DIY project with a bit more danger than an Arduino-powered TV muter, but don't have the resources to start building a fusion reactor in your garage? Well, challenge yourself with this electron accelerator project that requires little more than a wine bottle, a vacuum pump, a neon sign transformer and a diode from a microwave oven. OK, so that's not exactly a list of components you're likely to have laying around, but they're not terribly difficult to come by and at the end of the day you'll have your very own, home-made cathode ray tube. That's right, just like the one inside that TV you finally junked last week. You won't be able to create your own old-school display with it, but you will be able to observe interesting effects like sputtering (a ring of metal ion deposits) and magnetic deflection. Check out the instructions at the source and the video after the break.

DIY CRT is fun, slightly dangerous, won't lead to a home-made TV originally appeared on Engadget on Mon, 22 Aug 2011 19:04:00 EDT. Please see our terms for use of feeds.


Source: http://www.engadget.com/2011/08/22/diy-crt-is-fun-slightly-dangerous-wont-lead-to-a-home-made-tv/


Clever Stand Clamps Keyboard to iPhone, iPad

I would have started writing my novel by now, but of course I need just the right app/gadget/learn-to-write-novels-book to do it. Which is why I spend hours and hours on the Internet searching productivity porn for the perfect panacea (whilst simultaneously practicing my alliteration skills). And while the WINGStand won’t get me back those lost hours [...]

Source: http://www.wired.com/gadgetlab/2011/08/clever-stand-clamps-keyboard-to-iphone-ipad/
